/mandos/release : revision 24.1.67

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Björn Påhlsson
Date: 2008-08-25 01:40:19 UTC
mto: (237.7.1 mandos) (24.1.154 mandos)
mto: This revision was merged to the branch mainline in revision 107.
Revision ID: belorn@braxen-20080825014019-p8ji8qn1bga4koao

transformed a function to a part of main

files added:
COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => plugin-runner.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Påhlsson.

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

#define _FORTIFY_SOURCE 2

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

gnutls_session_t session;

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

100

152

}

101

153

102

154

/* Init GPGME */

103

155

gpgme_check_version(NULL);

104

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

156

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

157

if (rc != GPG_ERR_NO_ERROR){

158

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

161

}

105

162

106

/* Set GPGME home directory */

163

/* Set GPGME home directory for the OpenPGP engine only */

107

164

rc = gpgme_get_engine_info (&engine_info);

108

165

if (rc != GPG_ERR_NO_ERROR){

109

166

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

119

176

engine_info = engine_info->next;

120

177

}

121

178

if(engine_info == NULL){

122

fprintf(stderr, "Could not set home dir to %s\n", homedir);

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

123

180

return -1;

124

181

}

125

182

126

/* Create new GPGME data buffer from packet buffer */

127

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

128

186

if (rc != GPG_ERR_NO_ERROR){

129

187

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

130

188

gpgme_strsource(rc), gpgme_strerror(rc));

136

194

if (rc != GPG_ERR_NO_ERROR){

137

195

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

138

196

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

139

198

return -1;

140

199

}

141

200

144

203

if (rc != GPG_ERR_NO_ERROR){

145

204

fprintf(stderr, "bad gpgme_new: %s: %s\n",

146

205

gpgme_strsource(rc), gpgme_strerror(rc));

147

return -1;

206

plaintext_length = -1;

207

goto decrypt_end;

148

208

}

149

209

150

/* Decrypt data from the FILE pointer to the plaintext data

151

buffer */

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

152

212

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

153

213

if (rc != GPG_ERR_NO_ERROR){

154

214

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

155

215

gpgme_strsource(rc), gpgme_strerror(rc));

156

return -1;

216

plaintext_length = -1;

217

if (debug){

218

gpgme_decrypt_result_t result;

219

result = gpgme_op_decrypt_result(ctx);

220

if (result == NULL){

221

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

222

} else {

223

fprintf(stderr, "Unsupported algorithm: %s\n",

224

result->unsupported_algorithm);

225

fprintf(stderr, "Wrong key usage: %u\n",

226

result->wrong_key_usage);

227

if(result->file_name != NULL){

228

fprintf(stderr, "File name: %s\n", result->file_name);

229

}

230

gpgme_recipient_t recipient;

231

recipient = result->recipients;

232

if(recipient){

233

while(recipient != NULL){

234

fprintf(stderr, "Public key algorithm: %s\n",

235

gpgme_pubkey_algo_name(recipient->pubkey_algo));

236

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

237

fprintf(stderr, "Secret key available: %s\n",

238

recipient->status == GPG_ERR_NO_SECKEY

239

? "No" : "Yes");

240

recipient = recipient->next;

241

}

242

}

243

}

244

}

245

goto decrypt_end;

157

246

}

158

247

159

248

if(debug){

160

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

161

}

162

163

if (debug){

164

gpgme_decrypt_result_t result;

165

result = gpgme_op_decrypt_result(ctx);

166

if (result == NULL){

167

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

168

} else {

169

fprintf(stderr, "Unsupported algorithm: %s\n",

170

result->unsupported_algorithm);

171

fprintf(stderr, "Wrong key usage: %d\n",

172

result->wrong_key_usage);

173

if(result->file_name != NULL){

174

fprintf(stderr, "File name: %s\n", result->file_name);

175

}

176

gpgme_recipient_t recipient;

177

recipient = result->recipients;

178

if(recipient){

179

while(recipient != NULL){

180

fprintf(stderr, "Public key algorithm: %s\n",

181

gpgme_pubkey_algo_name(recipient->pubkey_algo));

182

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

183

fprintf(stderr, "Secret key available: %s\n",

184

recipient->status == GPG_ERR_NO_SECKEY

185

? "No" : "Yes");

186

recipient = recipient->next;

187

}

188

}

189

}

190

}

191

192

/* Delete the GPGME FILE pointer cryptotext data buffer */

193

gpgme_data_release(dh_crypto);

249

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

250

}

194

251

195

252

/* Seek back to the beginning of the GPGME plaintext data buffer */

196

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

197

198

*new_packet = 0;

253

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

254

perror("pgpme_data_seek");

255

plaintext_length = -1;

256

goto decrypt_end;

257

}

258

259

*plaintext = NULL;

199

260

while(true){

200

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

201

*new_packet = realloc(*new_packet,

202

(unsigned int)new_packet_capacity

203

+ BUFFER_SIZE);

204

if (*new_packet == NULL){

205

perror("realloc");

206

return -1;

207

}

208

new_packet_capacity += BUFFER_SIZE;

261

plaintext_capacity = adjustbuffer(plaintext,

262

(size_t)plaintext_length,

263

plaintext_capacity);

264

if (plaintext_capacity == 0){

265

perror("adjustbuffer");

266

plaintext_length = -1;

267

goto decrypt_end;

209

268

}

210

269

211

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

270

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

212

271

BUFFER_SIZE);

213

272

/* Print the data, if any */

214

273

if (ret == 0){

274

/* EOF */

215

275

break;

216

276

}

217

277

if(ret < 0){

218

278

perror("gpgme_data_read");

219

return -1;

279

plaintext_length = -1;

280

goto decrypt_end;

220

281

}

221

new_packet_length += ret;

282

plaintext_length += ret;

222

283

}

223

284

224

/* FIXME: check characters before printing to screen so to not print

225

terminal control characters */

226

/* if(debug){ */

227

/* fprintf(stderr, "decrypted password is: "); */

228

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

229

/* fprintf(stderr, "\n"); */

230

/* } */

285

if(debug){

286

fprintf(stderr, "Decrypted password is: ");

287

for(ssize_t i = 0; i < plaintext_length; i++){

288

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

289

}

290

fprintf(stderr, "\n");

291

}

292

293

decrypt_end:

294

295

/* Delete the GPGME cryptotext data buffer */

296

gpgme_data_release(dh_crypto);

231

297

232

298

/* Delete the GPGME plaintext data buffer */

233

299

gpgme_data_release(dh_plain);

234

return new_packet_length;

300

return plaintext_length;

235

301

}

236

302

237

303

static const char * safer_gnutls_strerror (int value) {

238

const char *ret = gnutls_strerror (value);

304

const char *ret = gnutls_strerror (value); /* Spurious warning */

239

305

if (ret == NULL)

240

306

ret = "(unknown)";

241

307

return ret;

242

308

}

243

309

244

void debuggnutls(__attribute__((unused)) int level,

245

const char* string){

246

fprintf(stderr, "%s", string);

310

/* GnuTLS log function callback */

311

static void debuggnutls(__attribute__((unused)) int level,

312

const char* string){

313

fprintf(stderr, "GnuTLS: %s", string);

247

314

}

248

315

249

int initgnutls(encrypted_session *es){

250

const char *err;

316

static int init_gnutls_global(mandos_context *mc,

317

const char *pubkeyfilename,

318

const char *seckeyfilename){

251

319

int ret;

252

320

253

321

if(debug){

254

322

fprintf(stderr, "Initializing GnuTLS\n");

255

323

}

256

324

257

if ((ret = gnutls_global_init ())

258

!= GNUTLS_E_SUCCESS) {

259

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

325

ret = gnutls_global_init();

326

if (ret != GNUTLS_E_SUCCESS) {

327

fprintf (stderr, "GnuTLS global_init: %s\n",

328

safer_gnutls_strerror(ret));

260

329

return -1;

261

330

}

262

331

263

332

if (debug){

333

/* "Use a log level over 10 to enable all debugging options."

334

* - GnuTLS manual

335

264

336

gnutls_global_set_log_level(11);

265

337

gnutls_global_set_log_function(debuggnutls);

266

338

}

267

339

268

/* openpgp credentials */

269

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

270

!= GNUTLS_E_SUCCESS) {

271

fprintf (stderr, "memory error: %s\n",

340

/* OpenPGP credentials */

341

gnutls_certificate_allocate_credentials(&mc->cred);

342

if (ret != GNUTLS_E_SUCCESS){

343

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

344

warning */

272

345

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

273

347

return -1;

274

348

}

275

349

276

350

if(debug){

277

351

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

278

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

279

KEYFILE);

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

353

seckeyfilename);

280

354

}

281

355

282

356

ret = gnutls_certificate_set_openpgp_key_file

283

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

357

(mc->cred, pubkeyfilename, seckeyfilename,

358

GNUTLS_OPENPGP_FMT_BASE64);

284

359

if (ret != GNUTLS_E_SUCCESS) {

285

fprintf

286

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

287

" '%s')\n",

288

ret, CERTFILE, KEYFILE);

289

fprintf(stdout, "The Error is: %s\n",

360

fprintf(stderr,

361

"Error[%d] while reading the OpenPGP key pair ('%s',"

362

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

363

fprintf(stdout, "The GnuTLS error is: %s\n",

290

364

safer_gnutls_strerror(ret));

291

return -1;

292

}

293

294

//GnuTLS server initialization

295

if ((ret = gnutls_dh_params_init (&es->dh_params))

296

!= GNUTLS_E_SUCCESS) {

297

fprintf (stderr, "Error in dh parameter initialization: %s\n",

298

safer_gnutls_strerror(ret));

299

return -1;

300

}

301

302

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

303

!= GNUTLS_E_SUCCESS) {

304

fprintf (stderr, "Error in prime generation: %s\n",

305

safer_gnutls_strerror(ret));

306

return -1;

307

}

308

309

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

310

311

// GnuTLS session creation

312

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

313

!= GNUTLS_E_SUCCESS){

365

goto globalfail;

366

}

367

368

/* GnuTLS server initialization */

369

ret = gnutls_dh_params_init(&mc->dh_params);

370

if (ret != GNUTLS_E_SUCCESS) {

371

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

372

" %s\n", safer_gnutls_strerror(ret));

373

goto globalfail;

374

}

375

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

376

if (ret != GNUTLS_E_SUCCESS) {

377

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

378

safer_gnutls_strerror(ret));

379

goto globalfail;

380

}

381

382

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

383

384

return 0;

385

386

globalfail:

387

388

gnutls_certificate_free_credentials(mc->cred);

389

gnutls_global_deinit();

390

return -1;

391

392

}

393

394

static int init_gnutls_session(mandos_context *mc,

395

gnutls_session_t *session){

396

int ret;

397

/* GnuTLS session creation */

398

ret = gnutls_init(session, GNUTLS_SERVER);

399

if (ret != GNUTLS_E_SUCCESS){

314

400

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

315

401

safer_gnutls_strerror(ret));

316

402

}

317

403

318

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

319

!= GNUTLS_E_SUCCESS) {

320

fprintf(stderr, "Syntax error at: %s\n", err);

321

fprintf(stderr, "GnuTLS error: %s\n",

322

safer_gnutls_strerror(ret));

323

return -1;

404

{

405

const char *err;

406

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

407

if (ret != GNUTLS_E_SUCCESS) {

408

fprintf(stderr, "Syntax error at: %s\n", err);

409

fprintf(stderr, "GnuTLS error: %s\n",

410

safer_gnutls_strerror(ret));

411

gnutls_deinit (*session);

412

return -1;

413

}

324

414

}

325

415

326

if ((ret = gnutls_credentials_set

327

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

328

!= GNUTLS_E_SUCCESS) {

329

fprintf(stderr, "Error setting a credentials set: %s\n",

416

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

417

mc->cred);

418

if (ret != GNUTLS_E_SUCCESS) {

419

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

330

420

safer_gnutls_strerror(ret));

421

gnutls_deinit (*session);

331

422

return -1;

332

423

}

333

424

334

425

/* ignore client certificate if any. */

335

gnutls_certificate_server_set_request (es->session,

426

gnutls_certificate_server_set_request (*session,

336

427

GNUTLS_CERT_IGNORE);

337

428

338

gnutls_dh_set_prime_bits (es->session, DH_BITS);

429

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

339

430

340

431

return 0;

341

432

}

342

433

343

void empty_log(__attribute__((unused)) AvahiLogLevel level,

344

__attribute__((unused)) const char *txt){}

434

/* Avahi log function callback */

435

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

436

__attribute__((unused)) const char *txt){}

345

437

346

int start_mandos_communication(const char *ip, uint16_t port,

347

unsigned int if_index){

438

/* Called when a Mandos server is found */

439

static int start_mandos_communication(const char *ip, uint16_t port,

440

AvahiIfIndex if_index,

441

mandos_context *mc){

348

442

int ret, tcp_sd;

349

struct sockaddr_in6 to;

350

encrypted_session es;

443

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

351

444

char *buffer = NULL;

352

445

char *decrypted_buffer;

353

446

size_t buffer_length = 0;

354

447

size_t buffer_capacity = 0;

355

448

ssize_t decrypted_buffer_size;

356

size_t written = 0;

449

size_t written;

357

450

int retval = 0;

358

451

char interface[IF_NAMESIZE];

452

gnutls_session_t session;

453

454

ret = init_gnutls_session (mc, &session);

455

if (ret != 0){

456

return -1;

457

}

359

458

360

459

if(debug){

361

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

460

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

461

"\n", ip, port);

362

462

}

363

463

364

464

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

366

466

perror("socket");

367

467

return -1;

368

468

}

369

370

if(if_indextoname(if_index, interface) == NULL){

371

if(debug){

469

470

if(debug){

471

if(if_indextoname((unsigned int)if_index, interface) == NULL){

372

472

perror("if_indextoname");

473

return -1;

373

474

}

374

return -1;

375

}

376

377

if(debug){

378

475

fprintf(stderr, "Binding to interface %s\n", interface);

379

476

}

380

477

381

memset(&to,0,sizeof(to)); /* Spurious warning */

382

to.sin6_family = AF_INET6;

383

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

478

memset(&to, 0, sizeof(to));

479

to.in6.sin6_family = AF_INET6;

480

/* It would be nice to have a way to detect if we were passed an

481

IPv4 address here. Now we assume an IPv6 address. */

482

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

384

483

if (ret < 0 ){

385

484

perror("inet_pton");

386

485

return -1;

387

}

486

}

388

487

if(ret == 0){

389

488

fprintf(stderr, "Bad address: %s\n", ip);

390

489

return -1;

391

490

}

392

to.sin6_port = htons(port); /* Spurious warning */

491

to.in6.sin6_port = htons(port); /* Spurious warning */

393

492

394

to.sin6_scope_id = (uint32_t)if_index;

493

to.in6.sin6_scope_id = (uint32_t)if_index;

395

494

396

495

if(debug){

397

fprintf(stderr, "Connection to: %s\n", ip);

496

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

497

port);

498

char addrstr[INET6_ADDRSTRLEN] = "";

499

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

500

sizeof(addrstr)) == NULL){

501

perror("inet_ntop");

502

} else {

503

if(strcmp(addrstr, ip) != 0){

504

fprintf(stderr, "Canonical address form: %s\n", addrstr);

505

}

506

}

398

507

}

399

508

400

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

509

ret = connect(tcp_sd, &to.in, sizeof(to));

401

510

if (ret < 0){

402

511

perror("connect");

403

512

return -1;

404

513

}

405

406

ret = initgnutls (&es);

407

if (ret != 0){

408

retval = -1;

409

return -1;

514

515

const char *out = mandos_protocol_version;

516

written = 0;

517

while (true){

518

size_t out_size = strlen(out);

519

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

520

out_size - written));

521

if (ret == -1){

522

perror("write");

523

retval = -1;

524

goto mandos_end;

525

}

526

written += (size_t)ret;

527

if(written < out_size){

528

continue;

529

} else {

530

if (out == mandos_protocol_version){

531

written = 0;

532

out = "\r\n";

533

} else {

534

break;

535

}

536

}

410

537

}

411

412

gnutls_transport_set_ptr (es.session,

413

(gnutls_transport_ptr_t) tcp_sd);

414

538

415

539

if(debug){

416

540

fprintf(stderr, "Establishing TLS session with %s\n", ip);

417

541

}

418

542

419

ret = gnutls_handshake (es.session);

543

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

544

545

do{

546

ret = gnutls_handshake (session);

547

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

420

548

421

549

if (ret != GNUTLS_E_SUCCESS){

422

fprintf(stderr, "\n*** Handshake failed ***\n");

423

gnutls_perror (ret);

550

if(debug){

551

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

552

gnutls_perror (ret);

553

}

424

554

retval = -1;

425

goto exit;

555

goto mandos_end;

426

556

}

427

557

428

//Retrieve OpenPGP packet that contains the wanted password

558

/* Read OpenPGP packet that contains the wanted password */

429

559

430

560

if(debug){

431

561

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

433

563

}

434

564

435

565

while(true){

436

if (buffer_length + BUFFER_SIZE > buffer_capacity){

437

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

438

if (buffer == NULL){

439

perror("realloc");

440

goto exit;

441

}

442

buffer_capacity += BUFFER_SIZE;

566

buffer_capacity = adjustbuffer(&buffer, buffer_length,

567

buffer_capacity);

568

if (buffer_capacity == 0){

569

perror("adjustbuffer");

570

retval = -1;

571

goto mandos_end;

443

572

}

444

573

445

ret = gnutls_record_recv

446

(es.session, buffer+buffer_length, BUFFER_SIZE);

574

ret = gnutls_record_recv(session, buffer+buffer_length,

575

BUFFER_SIZE);

447

576

if (ret == 0){

448

577

break;

449

578

}

453

582

case GNUTLS_E_AGAIN:

454

583

break;

455

584

case GNUTLS_E_REHANDSHAKE:

456

ret = gnutls_handshake (es.session);

585

do{

586

ret = gnutls_handshake (session);

587

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

457

588

if (ret < 0){

458

fprintf(stderr, "\n*** Handshake failed ***\n");

589

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

459

590

gnutls_perror (ret);

460

591

retval = -1;

461

goto exit;

592

goto mandos_end;

462

593

}

463

594

break;

464

595

default:

465

596

fprintf(stderr, "Unknown error while reading data from"

466

" encrypted session with mandos server\n");

597

" encrypted session with Mandos server\n");

467

598

retval = -1;

468

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

469

goto exit;

599

gnutls_bye (session, GNUTLS_SHUT_RDWR);

600

goto mandos_end;

470

601

}

471

602

} else {

472

603

buffer_length += (size_t) ret;

473

604

}

474

605

}

475

606

607

if(debug){

608

fprintf(stderr, "Closing TLS session\n");

609

}

610

611

gnutls_bye (session, GNUTLS_SHUT_RDWR);

612

476

613

if (buffer_length > 0){

477

614

decrypted_buffer_size = pgp_packet_decrypt(buffer,

478

615

buffer_length,

479

616

&decrypted_buffer,

480

CERT_ROOT);

617

keydir);

481

618

if (decrypted_buffer_size >= 0){

482

while(written < decrypted_buffer_size){

619

written = 0;

620

while(written < (size_t) decrypted_buffer_size){

483

621

ret = (int)fwrite (decrypted_buffer + written, 1,

484

622

(size_t)decrypted_buffer_size - written,

485

623

stdout);

497

635

} else {

498

636

retval = -1;

499

637

}

500

}

501

502

//shutdown procedure

503

504

if(debug){

505

fprintf(stderr, "Closing TLS session\n");

506

}

507

638

} else {

639

retval = -1;

640

}

641

642

/* Shutdown procedure */

643

644

mandos_end:

508

645

free(buffer);

509

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

510

exit:

511

646

close(tcp_sd);

512

gnutls_deinit (es.session);

513

gnutls_certificate_free_credentials (es.cred);

514

gnutls_global_deinit ();

647

gnutls_deinit (session);

515

648

return retval;

516

649

}

517

650

518

static AvahiSimplePoll *simple_poll = NULL;

519

static AvahiServer *server = NULL;

520

521

static void resolve_callback(

522

AvahiSServiceResolver *r,

523

AvahiIfIndex interface,

524

AVAHI_GCC_UNUSED AvahiProtocol protocol,

525

AvahiResolverEvent event,

526

const char *name,

527

const char *type,

528

const char *domain,

529

const char *host_name,

530

const AvahiAddress *address,

531

uint16_t port,

532

AVAHI_GCC_UNUSED AvahiStringList *txt,

533

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

534

AVAHI_GCC_UNUSED void* userdata) {

535

536

assert(r); /* Spurious warning */

651

static void resolve_callback(AvahiSServiceResolver *r,

652

AvahiIfIndex interface,

653

AVAHI_GCC_UNUSED AvahiProtocol protocol,

654

AvahiResolverEvent event,

655

const char *name,

656

const char *type,

657

const char *domain,

658

const char *host_name,

659

const AvahiAddress *address,

660

uint16_t port,

661

AVAHI_GCC_UNUSED AvahiStringList *txt,

662

AVAHI_GCC_UNUSED AvahiLookupResultFlags

663

flags,

664

void* userdata) {

665

mandos_context *mc = userdata;

666

assert(r);

537

667

538

668

/* Called whenever a service has been resolved successfully or

539

669

timed out */

541

671

switch (event) {

542

672

default:

543

673

case AVAHI_RESOLVER_FAILURE:

544

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

545

" type '%s' in domain '%s': %s\n", name, type, domain,

546

avahi_strerror(avahi_server_errno(server)));

674

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

675

" of type '%s' in domain '%s': %s\n", name, type, domain,

676

avahi_strerror(avahi_server_errno(mc->server)));

547

677

break;

548

678

549

679

case AVAHI_RESOLVER_FOUND:

551

681

char ip[AVAHI_ADDRESS_STR_MAX];

552

682

avahi_address_snprint(ip, sizeof(ip), address);

553

683

if(debug){

554

fprintf(stderr, "Mandos server found on %s (%s) on port %d\n",

555

host_name, ip, port);

684

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

685

PRIu16 ") on port %d\n", name, host_name, ip,

686

interface, port);

556

687

}

557

int ret = start_mandos_communication(ip, port,

558

(unsigned int) interface);

688

int ret = start_mandos_communication(ip, port, interface, mc);

559

689

if (ret == 0){

560

exit(EXIT_SUCCESS);

561

} else {

562

exit(EXIT_FAILURE);

690

avahi_simple_poll_quit(mc->simple_poll);

563

691

}

564

692

}

565

693

}

566

694

avahi_s_service_resolver_free(r);

567

695

}

568

696

569

static void browse_callback(

570

AvahiSServiceBrowser *b,

571

AvahiIfIndex interface,

572

AvahiProtocol protocol,

573

AvahiBrowserEvent event,

574

const char *name,

575

const char *type,

576

const char *domain,

577

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

578

void* userdata) {

579

580

AvahiServer *s = userdata;

581

assert(b); /* Spurious warning */

582

583

/* Called whenever a new services becomes available on the LAN or

584

is removed from the LAN */

585

586

switch (event) {

587

default:

588

case AVAHI_BROWSER_FAILURE:

589

590

fprintf(stderr, "(Browser) %s\n",

591

avahi_strerror(avahi_server_errno(server)));

592

avahi_simple_poll_quit(simple_poll);

593

return;

594

595

case AVAHI_BROWSER_NEW:

596

/* We ignore the returned resolver object. In the callback

597

function we free it. If the server is terminated before

598

the callback function is called the server will free

599

the resolver for us. */

600

601

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

602

type, domain,

603

AVAHI_PROTO_INET6, 0,

604

resolve_callback, s)))

605

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

606

avahi_strerror(avahi_server_errno(s)));

607

break;

608

609

case AVAHI_BROWSER_REMOVE:

610

break;

611

612

case AVAHI_BROWSER_ALL_FOR_NOW:

613

case AVAHI_BROWSER_CACHE_EXHAUSTED:

614

break;

697

static void browse_callback( AvahiSServiceBrowser *b,

698

AvahiIfIndex interface,

699

AvahiProtocol protocol,

700

AvahiBrowserEvent event,

701

const char *name,

702

const char *type,

703

const char *domain,

704

AVAHI_GCC_UNUSED AvahiLookupResultFlags

705

flags,

706

void* userdata) {

707

mandos_context *mc = userdata;

708

assert(b);

709

710

/* Called whenever a new services becomes available on the LAN or

711

is removed from the LAN */

712

713

switch (event) {

714

default:

715

case AVAHI_BROWSER_FAILURE:

716

717

fprintf(stderr, "(Avahi browser) %s\n",

718

avahi_strerror(avahi_server_errno(mc->server)));

719

avahi_simple_poll_quit(mc->simple_poll);

720

return;

721

722

case AVAHI_BROWSER_NEW:

723

/* We ignore the returned Avahi resolver object. In the callback

724

function we free it. If the Avahi server is terminated before

725

the callback function is called the Avahi server will free the

726

resolver for us. */

727

728

if (!(avahi_s_service_resolver_new(mc->server, interface,

729

protocol, name, type, domain,

730

AVAHI_PROTO_INET6, 0,

731

resolve_callback, mc)))

732

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

733

name, avahi_strerror(avahi_server_errno(mc->server)));

734

break;

735

736

case AVAHI_BROWSER_REMOVE:

737

break;

738

739

case AVAHI_BROWSER_ALL_FOR_NOW:

740

case AVAHI_BROWSER_CACHE_EXHAUSTED:

741

if(debug){

742

fprintf(stderr, "No Mandos server found, still searching...\n");

615

743

}

616

}

617

618

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

619

AvahiServerConfig config;

744

break;

745

}

746

}

747

748

/* Combines file name and path and returns the malloced new

749

string. some sane checks could/should be added */

750

static char *combinepath(const char *first, const char *second){

751

char *tmp;

752

int ret = asprintf(&tmp, "%s/%s", first, second);

753

if(ret < 0){

754

return NULL;

755

}

756

return tmp;

757

}

758

759

760

int main(int argc, char *argv[]){

620

761

AvahiSServiceBrowser *sb = NULL;

621

762

int error;

622

763

int ret;

623

int returncode = EXIT_SUCCESS;

764

int exitcode = EXIT_SUCCESS;

624

765

const char *interface = "eth0";

625

626

while (true){

627

static struct option long_options[] = {

628

{"debug", no_argument, (int *)&debug, 1},

629

{"interface", required_argument, 0, 'i'},

630

{0, 0, 0, 0} };

631

632

int option_index = 0;

633

ret = getopt_long (argc, argv, "i:", long_options,

634

&option_index);

635

636

if (ret == -1){

637

break;

638

}

639

640

switch(ret){

641

case 0:

642

break;

643

case 'i':

644

interface = optarg;

645

break;

646

default:

647

exit(EXIT_FAILURE);

648

}

766

struct ifreq network;

767

int sd;

768

uid_t uid;

769

gid_t gid;

770

char *connect_to = NULL;

771

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

772

char *pubkeyfilename = NULL;

773

char *seckeyfilename = NULL;

774

const char *pubkeyname = "pubkey.txt";

775

const char *seckeyname = "seckey.txt";

776

mandos_context mc = { .simple_poll = NULL, .server = NULL,

777

.dh_bits = 1024, .priority = "SECURE256"};

778

bool gnutls_initalized = false;

779

780

{

781

struct argp_option options[] = {

782

{ .name = "debug", .key = 128,

783

.doc = "Debug mode", .group = 3 },

784

{ .name = "connect", .key = 'c',

785

.arg = "IP",

786

.doc = "Connect directly to a sepcified mandos server",

787

.group = 1 },

788

{ .name = "interface", .key = 'i',

789

.arg = "INTERFACE",

790

.doc = "Interface that Avahi will conntect through",

791

.group = 1 },

792

{ .name = "keydir", .key = 'd',

793

.arg = "KEYDIR",

794

.doc = "Directory where the openpgp keyring is",

795

.group = 1 },

796

{ .name = "seckey", .key = 's',

797

.arg = "SECKEY",

798

.doc = "Secret openpgp key for gnutls authentication",

799

.group = 1 },

800

{ .name = "pubkey", .key = 'p',

801

.arg = "PUBKEY",

802

.doc = "Public openpgp key for gnutls authentication",

803

.group = 2 },

804

{ .name = "dh-bits", .key = 129,

805

.arg = "BITS",

806

.doc = "dh-bits to use in gnutls communication",

807

.group = 2 },

808

{ .name = "priority", .key = 130,

809

.arg = "PRIORITY",

810

.doc = "GNUTLS priority", .group = 1 },

811

{ .name = NULL }

812

};

813

814

815

error_t parse_opt (int key, char *arg,

816

struct argp_state *state) {

817

/* Get the INPUT argument from `argp_parse', which we know is

818

a pointer to our plugin list pointer. */

819

switch (key) {

820

case 128:

821

debug = true;

822

break;

823

case 'c':

824

connect_to = arg;

825

break;

826

case 'i':

827

interface = arg;

828

break;

829

case 'd':

830

keydir = arg;

831

break;

832

case 's':

833

seckeyname = arg;

834

break;

835

case 'p':

836

pubkeyname = arg;

837

break;

838

case 129:

839

errno = 0;

840

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

841

if (errno){

842

perror("strtol");

843

exit(EXIT_FAILURE);

844

}

845

break;

846

case 130:

847

mc.priority = arg;

848

break;

849

case ARGP_KEY_ARG:

850

argp_usage (state);

851

case ARGP_KEY_END:

852

break;

853

default:

854

return ARGP_ERR_UNKNOWN;

855

}

856

return 0;

857

}

858

859

struct argp argp = { .options = options, .parser = parse_opt,

860

.args_doc = "",

861

.doc = "Mandos client -- Get and decrypt"

862

" passwords from mandos server" };

863

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

864

if (ret == ARGP_ERR_UNKNOWN){

865

fprintf(stderr, "Unknown error while parsing arguments\n");

866

exitcode = EXIT_FAILURE;

867

goto end;

868

}

869

}

870

871

pubkeyfilename = combinepath(keydir, pubkeyname);

872

if (pubkeyfilename == NULL){

873

perror("combinepath");

874

exitcode = EXIT_FAILURE;

875

goto end;

876

}

877

878

seckeyfilename = combinepath(keydir, seckeyname);

879

if (seckeyfilename == NULL){

880

perror("combinepath");

881

exitcode = EXIT_FAILURE;

882

goto end;

883

}

884

885

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

886

if (ret == -1){

887

fprintf(stderr, "init_gnutls_global failed\n");

888

exitcode = EXIT_FAILURE;

889

goto end;

890

} else {

891

gnutls_initalized = true;

892

}

893

894

/* If the interface is down, bring it up */

895

{

896

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

897

if(sd < 0) {

898

perror("socket");

899

exitcode = EXIT_FAILURE;

900

goto end;

901

}

902

strcpy(network.ifr_name, interface);

903

ret = ioctl(sd, SIOCGIFFLAGS, &network);

904

if(ret == -1){

905

perror("ioctl SIOCGIFFLAGS");

906

exitcode = EXIT_FAILURE;

907

goto end;

908

}

909

if((network.ifr_flags & IFF_UP) == 0){

910

network.ifr_flags |= IFF_UP;

911

ret = ioctl(sd, SIOCSIFFLAGS, &network);

912

if(ret == -1){

913

perror("ioctl SIOCSIFFLAGS");

914

exitcode = EXIT_FAILURE;

915

goto end;

916

}

917

}

918

close(sd);

919

}

920

921

uid = getuid();

922

gid = getgid();

923

924

ret = setuid(uid);

925

if (ret == -1){

926

perror("setuid");

927

}

928

929

setgid(gid);

930

if (ret == -1){

931

perror("setgid");

932

}

933

934

if_index = (AvahiIfIndex) if_nametoindex(interface);

935

if(if_index == 0){

936

fprintf(stderr, "No such interface: \"%s\"\n", interface);

937

exit(EXIT_FAILURE);

938

}

939

940

if(connect_to != NULL){

941

/* Connect directly, do not use Zeroconf */

942

/* (Mainly meant for debugging) */

943

char *address = strrchr(connect_to, ':');

944

if(address == NULL){

945

fprintf(stderr, "No colon in address\n");

946

exitcode = EXIT_FAILURE;

947

goto end;

948

}

949

errno = 0;

950

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

951

if(errno){

952

perror("Bad port number");

953

exitcode = EXIT_FAILURE;

954

goto end;

955

}

956

*address = '\0';

957

address = connect_to;

958

ret = start_mandos_communication(address, port, if_index, &mc);

959

if(ret < 0){

960

exitcode = EXIT_FAILURE;

961

} else {

962

exitcode = EXIT_SUCCESS;

963

}

964

goto end;

649

965

}

650

966

651

967

if (not debug){

652

968

avahi_set_log_function(empty_log);

653

969

}

654

970

655

/* Initialize the psuedo-RNG */

971

/* Initialize the pseudo-RNG for Avahi */

656

972

srand((unsigned int) time(NULL));

657

658

/* Allocate main loop object */

659

if (!(simple_poll = avahi_simple_poll_new())) {

660

fprintf(stderr, "Failed to create simple poll object.\n");

661

662

goto exit;

663

}

664

665

/* Do not publish any local records */

666

avahi_server_config_init(&config);

667

config.publish_hinfo = 0;

668

config.publish_addresses = 0;

669

config.publish_workstation = 0;

670

config.publish_domain = 0;

671

672

/* Allocate a new server */

673

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

674

&config, NULL, NULL, &error);

675

676

/* Free the configuration data */

677

avahi_server_config_free(&config);

678

679

/* Check if creating the server object succeeded */

680

if (!server) {

681

fprintf(stderr, "Failed to create server: %s\n",

973

974

/* Allocate main Avahi loop object */

975

mc.simple_poll = avahi_simple_poll_new();

976

if (mc.simple_poll == NULL) {

977

fprintf(stderr, "Avahi: Failed to create simple poll"

978

" object.\n");

979

exitcode = EXIT_FAILURE;

980

goto end;

981

}

982

983

{

984

AvahiServerConfig config;

985

/* Do not publish any local Zeroconf records */

986

avahi_server_config_init(&config);

987

config.publish_hinfo = 0;

988

config.publish_addresses = 0;

989

config.publish_workstation = 0;

990

config.publish_domain = 0;

991

992

/* Allocate a new server */

993

mc.server = avahi_server_new(avahi_simple_poll_get

994

(mc.simple_poll), &config, NULL,

995

NULL, &error);

996

997

/* Free the Avahi configuration data */

998

avahi_server_config_free(&config);

999

}

1000

1001

/* Check if creating the Avahi server object succeeded */

1002

if (mc.server == NULL) {

1003

fprintf(stderr, "Failed to create Avahi server: %s\n",

682

1004

avahi_strerror(error));

683

returncode = EXIT_FAILURE;

684

goto exit;

1005

exitcode = EXIT_FAILURE;

1006

goto end;

685

1007

}

686

1008

687

/* Create the service browser */

688

sb = avahi_s_service_browser_new(server,

689

(AvahiIfIndex)

690

if_nametoindex(interface),

1009

/* Create the Avahi service browser */

1010

sb = avahi_s_service_browser_new(mc.server, if_index,

691

1011

AVAHI_PROTO_INET6,

692

1012

"_mandos._tcp", NULL, 0,

693

browse_callback, server);

694

if (!sb) {

1013

browse_callback, &mc);

1014

if (sb == NULL) {

695

1015

fprintf(stderr, "Failed to create service browser: %s\n",

696

avahi_strerror(avahi_server_errno(server)));

697

returncode = EXIT_FAILURE;

698

goto exit;

1016

avahi_strerror(avahi_server_errno(mc.server)));

1017

exitcode = EXIT_FAILURE;

1018

goto end;

699

1019

}

700

1020

701

1021

/* Run the main loop */

702

1022

703

1023

if (debug){

704

fprintf(stderr, "Starting avahi loop search\n");

1024

fprintf(stderr, "Starting Avahi loop search\n");

705

1025

}

706

1026

707

avahi_simple_poll_loop(simple_poll);

1027

avahi_simple_poll_loop(mc.simple_poll);

708

1028

709

exit:

1029

end:

710

1030

711

1031

if (debug){

712

1032

fprintf(stderr, "%s exiting\n", argv[0]);

713

1033

}

714

1034

715

1035

/* Cleanup things */

716

if (sb)

1036

if (sb != NULL)

717

1037

avahi_s_service_browser_free(sb);

718

1038

719

if (server)

720

avahi_server_free(server);

721

722

if (simple_poll)

723

avahi_simple_poll_free(simple_poll);

724

725

return returncode;

1039

if (mc.server != NULL)

1040

avahi_server_free(mc.server);

1041

1042

if (mc.simple_poll != NULL)

1043

avahi_simple_poll_free(mc.simple_poll);

1044

free(pubkeyfilename);

1045

free(seckeyfilename);

1046

1047

if (gnutls_initalized){

1048

gnutls_certificate_free_credentials(mc.cred);

1049

gnutls_global_deinit ();

1050

}

1051

1052

return exitcode;

726

1053

}

Older »